Creating and Deploying a Virtual Machine Role in Windows Azure

In this exercise, you prepare the base image that you will deploy to Windows Azure.

In Hyper-V Server, you create a new virtual machine and perform a default installation of Windows Server 2008 R2. After booting the virtual machine, you log in, install and configure the required OS features, and then install the Windows Azure VM Role Integration Components. In a more realistic scenario, at this point, you would typically install additional software.

Once you have installed and configured all the required software, you apply the System Preparation Tool (sysprep.exe) to generalize the image, shut it down, and then you upload it to Windows Azure.
Next, you create a service model and configure it to use the deployed image, generate a service package, and then deploy it to your subscription using the Windows Azure Management Portal.

Task 1 – Building a Base Virtual Machine Image

In this task, you create a virtual machine in Hyper-V to build a base image of Windows Server 2008 R2.

  1. Open Hyper-V Manager in the Start menu and connect to your Hyper-V Server.
    Hyper-V Manager console
  2. In Hyper-V Manager, right-click the server name, point to New, and then select Virtual Machine. Click Next at the welcome screen to start the New Virtual Machine Wizard.
    Creating a new virtual machine to prepare an image
  3. In the Specify Name and Location step, set the name to VM Role and then click Next.
    Choosing the name of the new virtual machine
  4. In the Assign Memory step, set the amount of memory to 2048 MB and then click Next.
    Configuring the amount memory assigned to the virtual machine
  5. Next, in the Configure Networking step, select Local Area Connection – Virtual Network and then click Next.
    Configuring networking options for the virtual machine
    Note:The network connection will be used by the virtual machine to access Windows Update and apply required updates.
  6. Now, in the Connect Virtual Disk step, select the option labeled Create a virtual hard disk. Set the Name of the disk to baseimage.vhd, change the location to a suitable folder in your Hyper-V server, set the disk Size to 30GB, and then click Next to continue.
    Creating a new virtual hard disk
    Note:The VHD size must fit the quota allocated for the chosen VM size for you role. In this case, setting the size to 30GB allows you to deploy the VM in a “small” role.
    If you already have a VHD file with a clean installation of Windows Server 2008 R2, you may use that instead. To do this, select the option labeled Use an existing virtual hard disk and browse to the location of the VHD file. Note that the image file must contain a single partition with the OS installation and must not include a recovery partition.
    Note:If you use an existing image, after you create the virtual machine, you may skip the OS installation section of this task and proceed to the next task.

    Using an existing virtual hard disk
  7. In the Installation Options step, choose the option that is the most suitable for the type of setup media that you have, and then click Next.
    Installing an operating system from the setup media
    Note:To create a base image for the Virtual Machine Role, you require setup media for Windows Server 2008 R2 Enterprise Edition. Click here to download trial software.

    Completing the Virtual Machine Wizard
  8. Click Finish to create the virtual machine.
  9. In Hyper-V Manager, in the results pane, under Virtual Machines, right-click the name of the newly created virtual machine and then select Connect.
    Note:If Hyper-V manager does not list the virtual machine, you may need to right-click the server name and select Refresh.
  10. In the toolbar of the Virtual Machine Connection window, click the Start icon.
    Starting the virtual machine in Hyper-V
    Note:Virtual Machine Connection is a tool that you use to connect to a virtual machine so that you can install or interact with the guest operating system.
  11. Start the virtual machine to launch the Windows Server 2008 R2 installation procedure.
    Note:If the installation does not start automatically, you may have specified an incorrect location of the setup media for Windows Server 2008 R2 in the Installation Options page of the New Virtual Machine wizard.
  12. Install Windows Server 2008 R2 Enterprise edition using default settings. The only special requirement for a valid VM Role image is to allocate the entire virtual hard disk file to a single partition where you install the operating system. To avoid creating a recovery partition during the installation, follow these steps:
    1. Choose the Custom (advanced) installation type to select the partition where you will install Windows.
    2. Press Shift + F10 to open a command prompt during GUI-mode setup.
    3. At the command prompt, enter the following commands:
      Command Prompt

      diskpart select disk 0 create partition primary exit
    4. Close the command prompt window.
    5. Install Windows in the newly created partition.

Task 2 – Preparing the Base Image for Deployment

Typically, VM roles are best suited for deploying legacy systems that involve complex installation and configuration procedures or for those applications whose setup you cannot script; otherwise, a web or worker role together with start-up tasks typically provide a simpler solution and the benefit of lower management requirements. For the scope of this lab, because the objective is simply to confirm that you can deploy and start a VM Role image successfully, you will enable the Web Server role in your virtual machine. Note, however, that a web role with full-IIS support provides equivalent functionality and that you would not normally use a VM role for this purpose.

In this task, you prepare the image containing a default installation of Windows Server 2008 R2 Enterprise that you created in the previous task by installing the components required for deployment to Windows Azure.

  1. If necessary, in Hyper-V Manager, open a new Virtual Machine Connection window, and sign-in to the virtual machine that you created previously.
  2. In the guest operating system, if not already open, start Server Manager from All Programs | Administrative Tools.
  3. Select the Roles node and then click Add Roles.
    Adding a new server role
  4. In the Server Roles step, select the Web Server (IIS) role in the list and click Next.
    Installing the Web Server role
  5. In the Web Server (IIS) step, click Next.
    Web Server (IIS) step
  6. In the Role Services step, click Next without selecting any additional components.
    Configuring Web Server role components
  7. In the Confimation step, ensure that the Web Server role is included in the list of services and then click Install.
    Confirming the installation selections
  8. Wait for the installation to complete and then click Close.
    Successful installation of the Web Server role
  9. Next, in Server Manager, select the Features node and then click Add Features.
    Installing additional features
  10. In the Features step, expand .NET Framework 3.5.1 Features, select.NET Framework 3.5.1 and then click Next.
    Installing the .NET Framework prerequisite
    Note:The VM Role Integration Components require .NET Framework 3.5.1. You will install these components in the next task.
  11. In the Confirmation step, click Install.
    Confirming the installation of the .NET Framework features
  12. In the Results step, click Close.
    Successful installation of the .NET Framework feature
  13. Open the Windows Update control panel from Start | All Programs | Windows Update.
  14. In the Windows Update page, select Change Settings.
    Changing Windows Update settings
  15. In the Change Settings page, select the option labeled Never check for updates (not recommended) and then click OK.
    Disabling Windows Updates in the VM Role image
  16. Next, click Check for updates and install all available updates.
    Installing Windows Updates before deploying the VM Image
    If prompted, you may need to reboot and repeat the check for updates in case there are additional updates to install.

Task 3 – Installing the Windows Azure VM Role Integration Components

In this task, you install the Windows Azure VM Role Integration Components.

  1. In the Virtual Machine Connection window, in the Media menu, point to DVD Drive and then select Insert Disk. In the Open dialog, browse to the location of the ISO file for the VM Role Integration Components, wavmroleic.iso, and then click Open.

    Connecting the VM Role Integration Components installation ISO file to the virtual CD/DVD drive
    Note:If you have not installed the Windows Azure SDK in your Hyper-V server, you will need to copy the wavmroleic.iso file from another computer were you installed the SDK to the Hyper-V server’s hard disk. You will find this file in the iso folder of the Windows Azure SDK installation directory.
  2. After you connect the ISO file to the DVD drive of the virtual machine, wait for the AutoPlaydialog to appear and then click Open folder to view files using Windows Explorer.
    Browsing the VM Role Integration Components ISO file
    Note:If the AutoPlay feature is not enabled, open a Windows Explorer window and browse to the CD/DVD drive.
  3. In the Windows Explorer window, locate the WaIntegrationComponents-x64.msi (Windows Installer) file and double-click it to start the installation.
    Launching the installation of the VM Role Integration Components
  4. At the Welcome screen, click Next to proceed.
    Windows Azure VM Role Integration Components Setup Welcome screen
  5. In the Operating System Configuration step, enter an Administrator Password, confirm it, and then click Next.
    Configuring the administrator password
  6. Click Install to begin the installation of the Integration Components.
    Beginning the installation of the VM Role Integration Components
  7. When prompted to install device software, click Install to proceed.
    Installing required device drivers
  8. Wait for the installation to complete, which should only take a few seconds.
    Monitoring the progress of the installation
  9. Click Finish to exit the setup program.
    Successful installation of the VM Role Integration Components
  10. Once the installation of the components has finished, you will be prompted to restart the system. Click Yes to continue.
    Restarting the system to complete the installation of the integration components
  11. Wait for the system to restart and log in to the guest machine once again.
  12. Now, inside the VM, open the Start menu, type %windir%\system32\sysprep\sysprep.exe and then press Enter to launch the System Preparation Tool. Set the System Cleanup Action to“Enter System Out-of-Box Experience (OOBE)”, check the option labeled Generalize, set theShutdown Options to Shutdown, and then press OK.
    Launching the System Preparation Tool
    Note:The Sysprep tool (Sysprep.exe) prepares the image by cleaning up various user and machine settings and log files, as well as removing any hardware-dependent information.
  13. Wait for the system to completely shutdown. Your image is now ready for deployment.

Task 4 – Uploading the Disk Image to Windows Azure

In this task, you upload the VHD file to the Management Portal.

  1. Open a Windows Azure SDK Command Promptas an administrator from Start | All Programs | Windows Azure SDK v1.x.
  2. At the command prompt, execute the following command line, where:
    <YOUR-SUBSCRIPTION-ID> ID of your Windows Azure subscription that you obtain from the Management Portal
    <YOUR- CERTIFICATE-THUMBPRINT> Thumbprint of the management certificate that you can generate in Visual Studio and upload to the Management Portal (see Appendix A: Configuring your Windows Azure Management Portal Credentials in Visual Studio –   will post soon )
    <PATH-TO-VHD-FILE> Path to the disk image file, baseimage.vhd,that you built in Hyper-V
    <HOSTED-SERVICE-LOCATION> Windows Azure data center location where the hosted service will be deployed (choose, “East Asia”, “North Central US”, “North Europe”, “South Central US”, “Southeast Asia”, “West Europe”)

    Windows Azure Command Prompt

    csupload Add-VMImage -Connection "SubscriptionId=<YOUR-SUBSCRIPTION-ID>; CertificateThumbprint=<YOUR-CERTIFICATE-THUMBPRINT>" -Description "Base image Windows Server 2008 R2" -LiteralPath "<PATH-TO-VHD-FILE>" -Name baseimage.vhd -Location <HOSTED-SERVICE-LOCATION>

    Note:The –Connection parameter contains settings required to access and manage your subscription. If you regularly use the csupload tool, you may store this connection string in your local disk using the Set-Connection command and then execute commands without specifying the connection details each time.

  3. Press Enter to start execution.
  4. In the Windows Azure VHD Verification Tool dialog, click OK to allow the VHD to be mounted. If the AutoPlay dialog appears, close it.
    Mounting the VHD for verification
    Initially, the tool executes a preparation phase where it mounts the VHD file and verifies it. It then processes the file to create a smaller compressed copy. The file it generates has a .prepedextension and it stores it by default in the same folder as the original image file. To change the folder where csupload stores this file, use the –TempLocation parameter and then specify the path to the alternate location.

    Preparation phase of the csupload tool
  5. After the preparation phase completes, the tool creates a new blob to hold the image file and then begins to upload the compressed image to your Windows Azure account.
    Uploading phase of the csupload tool
    Note:Base image files are typically large and, depending on the speed of your Internet connection, may take a significant amount of time to upload.
  6. In the Management Portal, select the Hosted Services, Storage Accounts & CDN tab, and thenVM Images. Notice that the list includes the baseimage.vhd file that you are currently uploading and that its status is shown as Pending.
    Available VM Images including the image currently being uploaded
  7. Wait for the upload to complete, which may take several hours, if your connection is not very fast.
    VM image successfully uploaded to Windows Azure
  8. Examine the status of the VM role image in the Management Portal and verify that it has now changed to Committed.
    Image committed successfully after finishing the upload

Task 5 – Creating the Service Model

After completing the previous task, you now have a VM image deployed to your Windows Azure account. In this task, you create a service model and configure it to reference this image.

  1. Start Microsoft Visual Studio 2010.
  2. In Visual Studio, create a new Windows Azure Project. You may choose any language, Visual C# or Visual Basic, because you will only use Visual Studio to create the service model and generate the service package. Set the name of the project to MyVMRole, change the location to theSource folder of the lab, ensure that the option labeled Create directory for solution is checked, and set the solution name to Begin. Click OK to create the project.
    Creating a new Windows Azure Project
  3. In the New Windows Azure Project dialog, click OK without adding any roles. You will create a Virtual Machine role in the following steps.
    Creating a project to host the Virtual Machine Role
  4. Once the solution is created, right-click the Roles folder inside the MyVMRole project, point toAdd, and then select New Virtual Machine Role.
    Adding a new Virtual Machine Role to the project
    Note:Currently, access to VM Role is available through an invite-only beta program. If you enroll in this program, you will receive instructions for enabling the required functionality in the Windows Azure Tools for Visual Studio; otherwise, you may not see the required menu option.
  5. In the properties window for the new role, select the Virtual Hard Disk tab. To show the window, expand the Roles node in Solution Explorer and then double-click the VMRole1 role.
  6. Before you can choose an image to use for your VM role, you need to configure Visual Studio to access your Windows Azure account. If you have used Visual Studio previously to deploy service packages to Windows Azure, you may already have created the required credentials. (For instructions on how to do this, see Appendix A: Configuring your Windows Azure Management Portal Credentials in Visual Studio will post soon.)
  7. Once you configure the credentials, choose them in the drop down list labeled Select or create your Windows Azure account credentials. After you do this, Visual Studio accesses your subscription and retrieves a list of available virtual machine images.
  8. Expand the drop down list labeled Select VHD and choose the image named baseimage.vhd, which contains the installation of Window Server 2008 R2 Enterprise Edition that you uploaded earlier.
    Choosing a VHD for your virtual machine role
    Note:The drop down lists every VHD that you upload to your subscription.
  9. Configure an endpoint to allow external connections to the Web server in the VM Role. To do this, in the role properties window, switch to the Endpoints tab. Click Add Endpoint to create a new entry in the endpoints list. Set the name of the endpoint to HttpInselect Input in the Typecolumn, http as the Protocol and type 80 for both Public Port and Private Port values.
    Configuring an external endpoint for the virtual machine role
    Note:In this lab, you enable the Web Server feature in the VM image to provide a simple mechanism to determine when the role starts successfully; hence the need to declare the input endpoint.
  10. Next, configure the Remote Desktop connections for your role. To do this, right-click theMyVMRole cloud service project in Solution Explorer and select Package. In the Package Windows Azure Application dialog box, check Enable Remote Desktop for all Roles. It will prompt the Remote Desktop Configuration dialog.
    Preparing for deployment
  11. Expand the drop down list labeled Create or select a certificate to encrypt the user credentialsand select Create.
  12. In the Create Certificate dialog, enter a name to identify the certificate, for example,AzureRemote, and then click OK.
    Creating a certificate for Remote Desktop connections
  13. Now, back in the Remote Desktop Configuration dialog, choose the newly created certificate from the drop down list, enter the name of the user that you will use to connect remotely to your role–this can be any name of your choice–enter a password and confirm it, and leave the account expiration date unchanged.
    Configuring Remote Desktop settings
  14. Before you close the dialog, click View next to the certificate drop down list. In the Certificatedialog, switch to the Details tab and click Copy to File. Follow the wizard to export the certificate to a file, making sure that you choose the option to export the private key. Save the resulting file to a suitable location in your hard disk. You will need to upload this file to the Management Portal later, once you create a hosted service for your role.
  15. Click OK to close the Remote Desktop Configuration.
  16. Finally, create a package to deploy your virtual machine role. To do this, click Package and then wait until Visual Studio creates it. Once the package is ready, Visual Studio opens a window showing the folder that contains the generated files.
    Creating a service package in Visual Studio

Task 6 – Creating the Hosted Service and Deploying the Package

In this task, you create a new hosted service for your Virtual Machine role and then deploy the service package.

  1. Return to the browser window showing the Management Portal.
  2. Create a hosted service for your virtual machine role. To do this, select the Hosted Services, Storage Accounts & CDN tab followed by Hosted Services, and then click New Hosted Serviceon the ribbon.
    Creating a hosted service for your virtual machine
  3. In the Create a new Hosted Service dialog, enter a Service Name, for example, MyVMRole, and the URL that you wish to assign to the service. Remember that this URL is public, therefore, it needs to be unique and can only contain characters that are valid in a URL. The dialog validates the name as you type it and warns you if the name you choose has already been taken. Pick the region where you want to host the service from the drop down list labeled Choose a region and ensure that it is the same region where you uploaded the VM image in the previous task. Finally, in the Deploy pane, select the option labeled Do not deploy, and then click OK.
    Configuring the hosted service
  4. Upload the certificate used to encrypt the Remote Desktop password to the newly created service. To do this, expand the node for your hosted service to display and select theCertificates node and then click Add Certificate on the ribbon.
    Configuring service certificates
  5. In the Upload an X.509 Certificate dialog, click Browse and navigate to the location where you stored the certificate for Remote Desktop that you created and exported during the previous task, enter the assigned password, confirm it, and then click Create.
    Uploading the Remote Desktop certificate to the service
  6. Once you create the service, select it in the items pane of the Management Portal page, and then click New Production Deployment on the ribbon.
    Creating a new deployment for the service
  7. In the Create a new Deployment dialog, click Browse Locally next to the Package Location text box and then navigate to the location where Visual Studio generated the service package during the previous task. You should have a Windows Explorer window already open showing the correct location. Choose the service package file with a .cspkg extension and click Open. Repeat the same procedure to choose the Configuration File with a .cscfg extension in the same location. Finally, enter a label to identify your deployment, and click OK.
    Deploying a service package for the Virtual Machine role
  8. Once you start the deployment, you can monitor its progress in the Management Portal’s UI. Observe the various states that the deployment undergoes as the role starts up and initializes.
    Viewing the status of the hosted service
  9. Wait until the status of the deployment is shown as Ready.
    Hosted service successful start
  10. To verify that the role started successfully, open the home page of your VM role in your browser. You can find its URL in the Properties window of your deployment, which corresponds to the web server (port 80) endpoint that you defined while creating the service model.
    Accessing the input endpoint of the VM role
  11. Verify that you can access the default page in IIS, as shown in the image below.
    Accessing the web server running in the VM role

Introduction of node.js

what’s node.js?

If you’re not familiar with node.js, it’s a new web programming toolkit that everyone’s talking about. It’s the one that makes you feel not hip if you don’t know what it is. Like Ruby on Rails was a few years back. Folks called it “Node” and it’s basically server-side JavaScript. The idea is that if you are doing a bunch of JavaScript on the client and you do JavaScript all day, why not do some JavaScript on the server also. One less thing to learn, I suppose.
If you are an ASP.NET programmer, you can think of node.js as being like an IHttpHandler written in JavaScript. For now, it’s pretty low-level. It’s NOT an HttpHandler, but I’m using an analogy here, OK?

 Why does node.js matter?

Why bother with node at all? There’s a number of interesting aspects to node as it sits. It uses a very fast JavaScript engine called V8, but more importantly its I/O is asynchronous and event-driven which contrasts with typical synchronous code.
For example, a naive hello world HttpHandler in ASP.NET that “does some work” for a few seconds (gets a file, accesses a service, etc) could look something like this:

And this is usually fine for most stuff. However, when I push this HARD with a load testing tool and a thousand virtual clients, I can barely get 60 requests a second. The request thread is tied up waiting for the “work” to happen and everyone else gets in line. I’m using up ASP.NET pool. It’d be nice if the work would get handled and someone would “call me back” when it’s finished. It’s like waiting on hold for tech support. You are effectively blocked as you wait for them to pick up their end. Wouldn’t it be nice if they just called you back when they were ready?
ASP.NET has always been able to do things with IHttpAsyncHandler but it’s always been a bit hard and almost no one knows about it. With the Async CTP and the Task libraries built into .NET, you can build a nicer abstraction on top of IHttpAsyncHandler

Why would I want node.js to run on Windows and IIS?

Some of the advantages of hosting node.js applications in IIS using the iisnode module as opposed to self-hosting node.exe processes include:

  • Process management. The iisnode module takes care of lifetime management of node.exe processes making it simple to improve overall reliability. You don’t have to implement infrastructure to start, stop, and monitor the processes.
  • Scalability on multi-core servers. Since node.exe is a single threaded process, it only scales to one CPU core. The iisnode module allows creation of multiple node.exe processes per application and load balances the HTTP traffic between them, therefore enabling full utilization of a server’s CPU capacity without requiring additional infrastructure code from an application developer.
  • Auto-update. The iisnode module ensures that whenever the node.js application is updated (i.e. the script file has changed), the node.exe processes are recycled. Ongoing requests are allowed to gracefully finish execution using the old version of the application, while all new requests are dispatched to the new version of the app.
  • Access to logs over HTTP. The iisnode module provides access the output of the node.exe process (e.g. generated by console.log calls) via HTTP. This facility is key in helping you debug node.js applications deployed to remote servers.
  • Side by side with other content types. The iisnode module integrates with IIS in a way that allows a single web site to contain a variety of content types. For example, a single site can contain a node.js application, static HTML and JavaScript files, PHP applications, and ASP.NET applications. This enables choosing the best tools for the job at hand as well progressive migration of existing applications.
  • Minimal changes to node.js application code. The iisnode module enables hosting of existing HTTP node.js applications with very minimal changes. Typically all that is required is to change the listed address of the HTTP server to one provided by the iisnode module via the process.env.PORT environment variable.
  • Integrated management experience. The issnode module is fully integrated with IIS configuration system and uses the same tools and mechanism as other IIS components for configuration and maintenance.In addition to benefits specific to the iisnode module, hosting node.js applications in IIS allows the developer to benefit from a range of IIS features, among them:
    • port sharing (hosting multiple HTTP applications over port 80)
    • security (HTTPS, authentication and authorization)
    • URL rewriting
    • compression
    • caching
    • logging

These are all compelling, but the most interesting bit here, in my opinion, is integration. The iisnode module is a proper IIS module, just like ASP.NET and PHP. This means you can have a single website that has multiple kinds of content. Restated from above:
For example, a single site can contain a node.js application, static HTML and JavaScript files, PHP applications, and ASP.NET applications.
folks you can have an ASP.NET WebForms app and a ASP.NET MVC app in the same AppPool as a “hybrid.” Frankly, Dear Reader, people don’t even realize the power and flexibility of IIS. When you plug in something new like node but run it the way you run other things it inherits all the coolness of the outer container, in this case, IIS.

Web Services and Identity in Windows Azure

This article is a step by step guide that will help you to use claims-based identity for handling authentication and access management for your WCF services hosted in Windows Azure; it will show you how you can still take advantage of local identities for authenticating your users, despite the fact that your services are now hosted in the cloud. The lab will walk you through all the practicalities of taking advantage of the unique characteristics of the Windows Azure environment from your Windows Identity Foundation settings.


Windows Identity Foundation can simplify access to your Windows Communication Foundation (WCF) services, by providing the usual claims-based identity arsenal of good practices: authentication externalization, location independence, decoupling from credential types and many others. There is no reason for you not to enjoy the same advantages when you host your WCF services in Windows Azure: there are few practicalities that are intrinsic to the hosting platform, but the steps you need to follow are largely the same whether you are deploying your services on-premises or in the cloud. If you want to be fully aware of the differences between the two cases, you can optionally go through the lab “Web Services and Identity” and learn about how to use WCF and WIF on-premises before starting the current lab: please note that it is entirely optional, as this HOL is self-contained and independent.

This lab is a step by step guide that will help you to use claims-based identity for handling authentication and access management for your WCF services hosted in Windows Azure; it will show you how you can still take advantage of local identities for authenticating your users, despite the fact that your services are now hosted in the cloud. The lab will walk you through all the practicalities of taking advantage of the unique characteristics of the Windows Azure environment from your Windows Identity Foundation settings.

More precisely, you will learn how to:

  • Use Windows Identity Foundation with WCF services hosted in Windows Azure
  • Trusting an on-premises STS from a WCF service hosted in Windows Azure
  • Using WIF & WCF tracing for a WCF service hosted in Windows Azure, taking advantage of blob storage for the traces
  • Configure a WCF service to use load balancing
  • Deploy a WCF service secured via WIF to the Windows Azure cloud

Windows Identity Foundation can do much more than what we cover in this lab: we hope that the skills you will learn here will help you in your further explorations of identity development.

The first lab will show you the process to configure a weather service to trust an on-premises development STS, and run the entire solution in the Compute Emulator. The second lab will add diagnostics and load balancing features to the WCF service implemented in the first lab. Finally, the third lab will walk you through the steps for running the solution to Windows Azure, which trusts an on-premises STS, generates diagnostic logs, and provides load balancing facilities. As shown on the figure below, an already provided client will be used to consume the WCF service running on the Compute emulator and afterwards in Windows Azure.
WebServicesAndIdentityInTheCloudFigure 1A visual summary of what you will build in this lab


In this lab, you will learn how to:

  • Use Windows Identity Foundation for handling access to a WCF service hosted in the Windows Azure DevFabric by reusing on-premises identities
  • Add STS references on a WCF service hosted in Windows Azure
  • Add service references to a client which points to a WCF service hosted in Windows Azure
  • Configure a WCF service to emit WIF and WCF traces in blob storage, and retrieve traces for offline analysis
  • Provide custom SecurityTokenHandler and ServiceBehavior classes for enabling a WCF service to take advantage of load balancers
  • Deploy to the Windows Azure staging and production evnironments a WCF service secured via WIF


The following exercises make up this hands-on lab:

  1. Using the Windows Identity Foundation with a WCF Service in Windows Azure
  2. Adding Diagnostics and Load Balancing
  3. Deploying the WCF Service to Windows Azure

Debugging Applications in Windows Azure

In this Article, you will explore some simple techniques for debugging applications deployed in Windows Azure; and you will learn what features and techniques are available in Visual Studio and Windows Azure to debug applications once deployed to Windows Azure.


Using Visual Studio, you can debug applications in your local machine by stepping through code, setting breakpoints, and examining the value of program variables. For Windows Azure applications, the compute emulator allows you to run the code locally and debug it using these same features and techniques, making this process relatively straightforward.

Ideally, you should take advantage of the compute emulator and use Visual Studio to identify and fix most bugs in your code, as this provides the most productive environment for debugging. Nevertheless, some bugs might remain undetected and will only manifest themselves once you deploy the application to the cloud. These are often the result of missing dependencies or caused by differences in the execution environment. For addition information on environment issues, see Differences Between the Compute Emulator and Windows Azure.

Once you deploy an application to the cloud, you are no longer able to attach a debugger and instead, need to rely on debugging information written to logs in order to diagnose and troubleshoot application failures. Windows Azure provides comprehensive diagnostic facilities that allow capturing information from different sources, including Windows Azure application logs, IIS logs, failed request traces, Windows event logs, custom error logs, and crash dumps. The availability of this diagnostic information relies on the Windows Azure Diagnostics Monitor to collect data from individual role instances and transfer this information to Windows Azure storage for aggregation. Once the information is in storage, you can retrieve it and analyze it.


In this lab, you will:

  • Learn what features and techniques are available in Visual Studio and Windows Azure to debug applications once deployed to Windows Azure.
  • Use a simple TraceListener to log directly to table storage and a viewer to retrieve these logs.


This lab includes the following exercise:

  1. Debugging an Application in the Cloud